How to Install Suricata on a Linux Box in 5 Minutes

It’s annoying to me that package managers are so bad at deploying intrusion detection systems like Snort and Suricata. Packaged builds never seem to work the way they should, so I prefer to build from source and configure them myself. And it’s actually super easy.

Here’s how to go from nothing to a working Suricata install—on any modern Linux system—in just minutes.

1. Get the software

It will be here: https://suricata-ids.org/download/ (download the Linux version, which is a tarball).

2. Expand the software:

tar xvzf suricata-$VER.tar.gz

3. Enter the software directory

[ NOTE: We will now refer to whatever your directory is named (based on version) as suricata-dir. ]

cd suricata-dir

4. Compile, build, configure, and install the software

There are some great built-in options for doing lots of configuration automatically, such as creating the required directories, building your suricata.yaml file, and downloading the latest Emerging Threat ruleset.
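Steps 1 through 4 wrapped into one script, as an added example that is not part of the original post and not Suricata's own tooling. It assumes the tarball is named suricata-$VER.tar.gz as above, that you have copied the tarball's SHA-256 from the download page into SURICATA_SHA256 so the archive is checked before anything in it gets executed, and that the Suricata Makefile provides the install-conf and install-rules targets (the automatic directory/suricata.yaml creation and ruleset download mentioned above); those target names are an assumption, so check `make help` or the INSTALL file in your tarball if they fail.

```shell
#!/bin/sh
# Added example (not from the original post): build Suricata from a
# downloaded tarball, verifying the archive before it is unpacked.
# Assumes: tarball named suricata-$VER.tar.gz in the current directory,
# SURICATA_SHA256 set to the checksum published on the download page,
# and the Makefile targets install-conf / install-rules (assumed names).
set -eu

# Name of the directory the tarball unpacks to ("suricata-dir" in the post).
suricata_dir_for() {
    printf 'suricata-%s\n' "$1"
}

# Compare the tarball's SHA-256 with the expected value.
# Returns 0 on match, 1 on mismatch; nothing is extracted on mismatch.
verify_tarball() {
    tarball="$1"
    expected="$2"
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Step 2: expand the tarball (quietly, so stdout is just the directory name)
# and print the directory it created.
extract_suricata() {
    tarball="$1"
    ver=$(basename "$tarball" .tar.gz | sed 's/^suricata-//')
    tar xzf "$tarball"
    suricata_dir_for "$ver"
}

# Steps 3-4: enter the directory, then configure, build and install.
# The install targets write under /usr/local and /etc, so run as root.
build_and_install() {
    dir="$1"
    cd "$dir"
    ./configure
    make
    make install
    make install-conf    # assumed target: creates /etc/suricata and suricata.yaml
    make install-rules   # assumed target: downloads the Emerging Threats ruleset
    cd ..
}

# Full run: verify, extract, build. Only executed when called with "install"
# so that the functions above can be sourced or tested without a network.
main() {
    ver="$1"
    tarball="suricata-$ver.tar.gz"
    verify_tarball "$tarball" "${SURICATA_SHA256:?set SURICATA_SHA256 first}" \
        || { echo "checksum mismatch for $tarball, refusing to build" >&2; exit 1; }
    dir=$(extract_suricata "$tarball")
    build_and_install "$dir"
    echo "Suricata $ver installed from $dir"
}

case "${1:-}" in
    install) main "${2:?usage: $0 install VERSION}" ;;
esac
```

Usage: `SURICATA_SHA256=<value from the download page> sh build-suricata.sh install $VER` from the directory holding the tarball. The checksum gate is the point of the script: `./configure` and `make` run whatever the archive contains, so a corrupted or swapped download is rejected before that happens.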